On Tue, Apr 28, 1998 at 05:12:22PM +0100, Mark Baker wrote:
> On Tue, Apr 28, 1998 at 05:57:55PM +0200, A Mennucc wrote:
>
> > > Vulnerabilities exist in the terminal emulator xterm(1), and the Xaw
> > > library distributed in various MIT X Consortium; X Consortium, Inc.;
> > > and The Open Group X Project Team releases. These vulnerabilities may
> > > be exploited by an intruder to gain root access.
> >
> > the only solutions seems to
> >
> > chmod 0755 `which xterm`
>
> Or to apply a patch that TOG sent to their members, but didn't think to do
> anything useful like include it in the alert itself. It's probably not free
> anyway :(
>
> Since a program as complicated as xterm is always likely to contain security
> problems, we probably should leave it un-suid anyway, even once we have
> patched it to fix the bugs mentioned.
Well, the reason xterm is setuid is because it needs privileged access to
the utmp file. However, this is presently a problem under some
circumstances (see bug #20685).
XFree86 3.3.2-4 is shipping with an /etc/X11/XResources that sets
XTerm*utmpInhibit to true. Is it the consensus of the project that xterm
should have its setuid removed until this bug (#20685) is fixed?
Let me know quickly (especially if any of you know any additional reason
xterm is setuid). If I turn it off then I will want to do so for -5, which
I'd like to release within the next 24 hours.
--
G. Branden Robinson | Human beings rarely imagine a god that
Purdue University | behaves any better than a spoiled child.
branden@purdue.edu | -- Robert Heinlein
http://www.ecn.purdue.edu/~branden/ |